74e10f4a4c554c1bbcdd6a634a8622b6

Sharing

Copy URL Twitter E-mail

General

Target

74e10f4a4c554c1bbcdd6a634a8622b6
Size

1.0MB
MD5

74e10f4a4c554c1bbcdd6a634a8622b6
SHA1

e55701fdc34ede6372067a922747be98976e2ad3
SHA256

122fda384e9dee456ca4cb36e9f5e3c7fe3a06612ee3449e15258d00f120bba8
SHA512

3237226fd6b7f2bcd2762ebcad246c68996efd6dfd16a7144a0d88be19d727d40bb15fc77e17e0d06e8fabfcaa6c3269ac334aa7484af9091c0bd37f05fe3479
SSDEEP

24576:DR8v9USJo/iXPheY5bv6XZMZnfaBhlEfSSt2KqTvAb2:Dk9/o/WPheY5bv6XSnCBISA2KqTvAb2

Score

1^/10

Malware Config

Signatures

Files

74e10f4a4c554c1bbcdd6a634a8622b6
.exe windows:5 windows x86 arch:x86

0ea15b35c0d09b8cf15ac7dcec83708d

Code Sign

6d:2f:b6:37:5d:3a:87:88:b7:35:fe:db:d0:60:73:2b
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/08/2012, 00:00

Not After

29/08/2013, 23:59

Subject

CN=Excellent Apps,O=Excellent Apps,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ea:1f:f7:f2:9b:a2:42:07:7e:0d:1e:75:3a:07:e2:04:66:fd:a5:86
Signer

Actual PE Digest

ea:1f:f7:f2:9b:a2:42:07:7e:0d:1e:75:3a:07:e2:04:66:fd:a5:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

oleacc

AccessibleObjectFromWindow

urlmon

URLDownloadToCacheFileA

wininet

InternetCrackUrlA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA

ws2_32

gethostbyname
inet_ntoa
WSAStartup
WSACleanup

kernel32

FindNextFileA
FindFirstFileA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetVersion
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetLastError
ReleaseMutex
OpenMutexA
CreateMutexA
LocalFree
FormatMessageA
SetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalFlags
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
UnmapViewOfFile
SetEvent
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
CreateEventA
lstrcpyA
LocalAlloc
GetCurrentProcess
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
InitializeCriticalSection
LockResource
LoadResource
FindResourceW
FlushInstructionCache
lstrcmpA
MulDiv
RaiseException
FindResourceA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadLibraryExA
GetExitCodeProcess
Sleep
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateDirectoryA
RemoveDirectoryA
GlobalHandle
Process32Next
CreateToolhelp32Snapshot
TerminateProcess
MoveFileExA
GetTempPathA
CopyFileExA
FindClose
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LCMapStringW
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ExitProcess
HeapSize
GetStringTypeW
GetLocaleInfoW
GetModuleFileNameW
GetStdHandle
IsProcessorFeaturePresent
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
MoveFileA
DeleteFileA
HeapReAlloc
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
HeapAlloc
GetLocalTime
GetSystemTimeAsFileTime
RtlUnwind
EncodePointer
DecodePointer
HeapFree
GetCurrentProcessId
GetCurrentThreadId
CreateThread
WaitForSingleObject
CloseHandle
OutputDebugStringA
DebugBreak
InterlockedIncrement
LCMapStringA
GetStringTypeExA
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
LoadLibraryW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
InterlockedExchange
IsValidLocale
ExpandEnvironmentStringsA

user32

AttachThreadInput
SetFocus
GetFocus
UnregisterClassA
DestroyAcceleratorTable
wvsprintfA
LoadStringA
CharLowerA
MessageBoxA
CharNextA
PostMessageA
GetWindowThreadProcessId
IsWindowVisible
InvalidateRect
SendMessageA
GetWindowRect
SetForegroundWindow
BringWindowToTop
PostQuitMessage
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
IsDialogMessageA
CreateDialogIndirectParamA
GetForegroundWindow
EnumWindows
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
CreateAcceleratorTableA
RegisterClassExA
LoadCursorA
GetClassInfoExA
IsWindow
ReleaseDC
GetDC
SetWindowPos
GetParent
FindWindowExA
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
SetWindowTextA
SetTimer
KillTimer
SetWindowLongA
GetWindowLongA
CreateWindowExA
SendDlgItemMessageA
GetWindow
GetDlgItem
SetWindowContextHelpId
MapDialogRect
EndDialog
DefWindowProcA
GetSysColor
MoveWindow
GetClientRect
ClientToScreen
ScreenToClient
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetClassNameA
ReleaseCapture
FillRect
DestroyWindow
CallWindowProcA
EndPaint
BeginPaint
GetDesktopWindow

gdi32

DeleteObject
GetTextExtentPoint32A
SelectObject
CreateFontA
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateSolidBrush
GetStockObject
BitBlt
DeleteDC

advapi32

RegQueryInfoKeyW
RegDeleteValueA
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA

shell32

ShellExecuteExA
SHGetFolderPathA

ole32

CoGetClassObject
CLSIDFromString
OleInitialize
OleUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromProgID
OleLockRunning
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

VariantClear
SysAllocString
VariantChangeType
SysAllocStringLen
SysStringLen
VariantInit
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
VarUI4FromStr
VariantCopy
SysFreeString
LoadRegTypeLi

shlwapi

ord176

comctl32

ImageList_GetImageCount
ImageList_Remove
ImageList_ReplaceIcon
InitCommonControlsEx

gdiplus

GdipAddPathEllipseI
GdipAddPathRectangleI
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipWindingModeOutline
GdipDeleteGraphics
GdipSetPathGradientFocusScales
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipDeletePath
GdipCreatePath
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdipCreatePathGradientFromPath
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipDrawPath
GdipGraphicsClear
GdipFillPath
GdipDrawString
GdipMeasureString
GdipDrawImageRectI
GdipCreateFontFromLogfontA
GdipCloneBitmapAreaI
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipDeleteFont
GdipCloneImage
GdipCreateFontFromDC

Sections

.text
Size: 853KB - Virtual size: 852KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ea15b35c0d09b8cf15ac7dcec83708d

Code Sign

6d:2f:b6:37:5d:3a:87:88:b7:35:fe:db:d0:60:73:2bCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

ea:1f:f7:f2:9b:a2:42:07:7e:0d:1e:75:3a:07:e2:04:66:fd:a5:86Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

oleacc

urlmon

wininet

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

Sections

.text Size: 853KB - Virtual size: 852KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 15KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 6KB - Virtual size: 6KB

6d:2f:b6:37:5d:3a:87:88:b7:35:fe:db:d0:60:73:2b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

ea:1f:f7:f2:9b:a2:42:07:7e:0d:1e:75:3a:07:e2:04:66:fd:a5:86
Signer

.text
Size: 853KB - Virtual size: 852KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 15KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 6KB - Virtual size: 6KB